CVE-2022-50266 kprobes: Fix check for probe enabled in kill_kprobe()

In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix check for probe enabled in killkprobe In killkprobe, the check whether disarmkprobeftrace needs to be called always fails. This is because before that we set the KPROBEFLAGGONE flag for kprobe so that...

CVE-2022-50266 kprobes: Fix check for probe enabled in kill_kprobe()

In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix check for probe enabled in killkprobe In killkprobe, the check whether disarmkprobeftrace needs to be called always fails. This is because before that we set the KPROBEFLAGGONE flag for kprobe so that...

GHSA-2GG8-85M5-8R2P Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical Function

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...

Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical Function

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...

Chaos Controller Manager is vulnerable to OS command injection

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...

CVE-2025-59358

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...

CVE-2025-59360 OS command injection in Chaos Mesh via the killProcesses mutation

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...

CVE-2025-59360

CVE-2025-59360 concerns Chaos Mesh’s Chaos Controller Manager. The killProcesses mutation (and related mutations like cleanIptables/cleanTcs) is reported vulnerable to OS command injection, enabling unauthenticated in-cluster attackers to perform remote code execution across the Kubernetes cluste...

PT-2025-37473

Name of the Vulnerable Software and Affected Versions Chaos Mesh versions prior to 2.7.3 Description The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster. This server provides an API that allows attackers to kill...

DEBIAN-CVE-2025-39763

In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered If a synchronous error is detected as a result of user-space process triggering a 2-bit uncorrected error, the CPU will take a synchronous error...

AZL-67217 CVE-2025-39763 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered If a synchronous error is detected as a result of user-space process triggering a 2-bit uncorrected error, the CPU will take a synchronous error...

UBUNTU-CVE-2025-39763

In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered If a synchronous error is detected as a result of user-space process triggering a 2-bit uncorrected error, the CPU will take a synchronous error...

CVE-2025-39763

CVE-2025-39763 affects the Linux kernel and describes an ACPI: APEI path where a synchronous memory error that is not recovered can cause the kernel to queue memory_failure() and poison a page, unmap it, and send SIGBUS to the triggering process to avoid a system-wide panic. The issue arises when...

CVE-2025-39763 ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered

In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered If a synchronous error is detected as a result of user-space process triggering a 2-bit uncorrected error, the CPU will take a synchronous error...

Linux Distros Unpatched Vulnerability : CVE-2017-14681

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The daemon in P3Scan 3.0rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitra...

vhost_task: Handle SIGKILL by flushing work and exiting

...

Linux Distros Unpatched Vulnerability : CVE-2022-48760

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - USB: core: Fix hang in usbkillurb by adding memory barriers The syzbot fuzzer has identified a bug in which processes hang waiting for usbkillurb to return. It...

Linux Distros Unpatched Vulnerability : CVE-2025-38604

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: rtl818x: Kill URBs before clearing tx status queue In rtl8187stop move the call of usbkillanchoredurbs before clearing btxstatus.queue. This change preven...

Ex-Developer Jailed Four Years for Sabotaging Ohio Employer with Kill-Switch Malware

A 55-year-old Chinese national has been sentenced to four years in prison and three years of supervised release for sabotaging his former employer's network with custom malware and deploying a kill switch that locked out employees when his account was disabled. Davis Lu, 55, of Houston, Texas, wa...

AZL-73599 CVE-2025-38604 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Kill URBs before clearing tx status queue In rtl8187stop move the call of usbkillanchoredurbs before clearing btxstatus.queue. This change prevents callbacks from using already freed skb due to anchor was not kille...